CVE-2024-51499

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/MarkUsProject/Markus/pull/7026	Patch
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:*

History

04 Sep 2025, 17:25

Type	Values Removed	Values Added
References	~~() https://github.com/MarkUsProject/Markus/pull/7026 -~~	() https://github.com/MarkUsProject/Markus/pull/7026 - Patch
References	~~() https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w -~~	() https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w - Third Party Advisory
First Time		Markusproject Markusproject markus
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:markusproject:markus::::::::

Information

Published : 2024-11-18 20:15

Updated : 2025-09-04 17:25

NVD link : CVE-2024-51499

Mitre link : CVE-2024-51499

CVE.ORG link : CVE-2024-51499

JSON object : View

Products Affected

markusproject

markus

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-51499", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-18T20:15:05.760", "references": [{"url": "https://github.com/MarkUsProject/Markus/pull/7026", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."}, {"lang": "es", "value": "MarkUs es una aplicaci\u00f3n web para el env\u00edo y calificaci\u00f3n de tareas de estudiantes. En versiones anteriores a la 2.4.8, una vulnerabilidad de escritura de archivos arbitrarios accesible a trav\u00e9s del m\u00e9todo update_files de SubmissionsController permite a los usuarios autenticados (por ejemplo, estudiantes) escribir archivos arbitrarios en cualquier ubicaci\u00f3n del servidor web en el que se ejecuta MarkUs (seg\u00fan los permisos del sistema de archivos subyacente). Esto puede provocar una ejecuci\u00f3n de c\u00f3digo remoto retrasada en caso de que un atacante pueda escribir un archivo Ruby en la subcarpeta config/initializers/ de la aplicaci\u00f3n Ruby on Rails. MarkUs v2.4.8 ha solucionado este problema. No hay workarounds disponibles a nivel de aplicaci\u00f3n aparte de la actualizaci\u00f3n."}], "lastModified": "2025-09-04T17:25:38.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E4D0CA-53F2-426A-B51B-C25258C99325", "versionEndExcluding": "2.4.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}